Tagfire icontagfire
Get Started

Privacy Policy

Last updated: 2026-06-08

Introduction

Tagfire is operated by Tagfire ("we", "us") and provides analytics and tag-management tooling for Google Analytics 4 and Google Tag Manager. This policy describes what personal data we handle, why we handle it, and the choices you have. It applies to the marketing site at tagfire.app and to the signed-in application at tagfire.app/app.

If you have questions about anything in this policy, email hello@tagfire.app.

Information we collect

When you sign in with Google we receive your name, email address, profile picture, and a stable Google account identifier (the OpenID "sub" claim). We use these to create and identify your Tagfire account.

With your consent we also store a short-lived Google OAuth access token and a refresh token so Tagfire can call the Google APIs you have authorised, on your behalf. These credentials are encrypted at rest in our database using authenticated symmetric encryption (AES-256-GCM), with the key held as a deployment secret separate from the database.

When you run an audit, Tagfire reads configuration and metadata from the GA4 properties and GTM containers you select. Audit results are stored on your account so you can come back to them later.

If you create or join a workspace we store the workspace name, the list of members and their roles, and any resources you save inside it, including UTM links, saved GTM tags, triggers, variables, and bookmarks.

Subscriptions are processed by Paddle, which acts as our merchant of record. We store the Paddle customer ID and the resulting subscription status on your account. We do not store full payment card numbers; payment instruments stay with Paddle.

We retain standard server logs (IP address, user agent, request path, and timestamps) for security monitoring and debugging.

Google user data and OAuth scopes

Tagfire only requests OAuth scopes that are needed for the feature you choose to use. Google's consent screen shows each scope before it is granted, and you can decline any individual scope.

- `userinfo.email` and `userinfo.profile`: your name, email, and profile picture, used to create and identify your Tagfire account.
- `analytics.readonly`: read-only access to your GA4 account, property, and configuration metadata, used to run audits and analyses you initiate.
- `analytics.edit`: write access to GA4 configuration. Used only when you explicitly run a tool that creates or fixes GA4 resources such as recommended events or custom dimensions.
- `analytics.manage.users.readonly`: read-only access to GA4 user and role assignments, used by the Access Governance tool to show you who has access to your accounts.
- `tagmanager.readonly`: read-only access to GTM container configuration, used to run GTM audits and surface saved resources.
- `tagmanager.edit.containers`: write access to GTM containers. Used only when you explicitly run a tool that creates or modifies tags, triggers, or variables.
- `tagmanager.manage.users`: access to GTM user permissions, used by the Access Governance tool when you ask it to manage GTM access.

You can review and revoke the scopes you have granted at any time at Google account permissions.

How we use your information

We use the information described above to authenticate you, to run the audits and analyses you initiate against the Google accounts you have connected, to bill you and manage your subscription, to send you transactional email such as sign-in confirmations, invoices, and workspace invites, and to investigate abuse, debug errors, and improve the product.

Limited Use of Google user data

Tagfire's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google user data only to provide and improve the user-facing features of Tagfire. We do not transfer Google user data to any third party except as needed to provide those features, to comply with applicable law, or in connection with a merger or acquisition where users receive appropriate notice. We do not use Google user data to serve advertising of any kind, including personalised or retargeted advertising. We do not sell Google user data, and we do not share it with data brokers, information resellers, or any party for credit-worthiness or lending purposes. We do not use Google user data to train, fine-tune, or evaluate generalised or third-party AI or machine-learning models; audit checks run deterministically against the data you authorise.

No employee at Tagfire reads your Google user data, with three narrow exceptions. First, with your explicit consent so that we can debug a specific issue you have reported. Second, where it is required for a security investigation or to comply with valid legal process. Third, in aggregated, anonymised form for internal product analytics.

Service providers we share data with

To run the service we share data with a small number of processors. Google, for OAuth and the GA4 and GTM APIs. Vercel, for application hosting and the Postgres database. Paddle, for subscription billing, tax handling, and refund processing. Resend, for transactional email delivery.

Each processor is bound by a written contract to use the data only to perform services for us, and may not use it for their own purposes. We do not transfer or disclose your information to third parties for advertising, profiling, AI training, or any other purpose prohibited by the Google API Services User Data Policy. We may disclose information when required by valid legal process, or to protect the rights, safety, or property of Tagfire and its users.

How we secure your data

Traffic between you, Tagfire, and the Google APIs is encrypted in transit with TLS 1.2 or higher. Google OAuth tokens are encrypted at rest in our database using AES-256-GCM, with the encryption key managed as a deployment secret separate from the database. Access to production data is limited to a small set of administrators who authenticate with multi-factor authentication, and database activity is logged. If we ever confirm a security incident that affects you, we will notify you without undue delay and in any case within the timeframes required by applicable law.

Retention and deletion

We keep audit reports and saved workspace content until you delete them or close your account. Google OAuth tokens are kept until you disconnect Google inside Tagfire, or revoke our access at Google account permissions; revoking on Google's side immediately invalidates the tokens we hold. Your account record is retained for as long as your account is active. When you close your account, the account record and the associated Google user data are deleted within 30 days. We retain a limited set of records, such as invoices and tax data, for longer where the law requires us to.

To delete your account and all associated Google user data, email hello@tagfire.app with the subject line "Delete my account". We will confirm completion within 30 days of receiving the request.

Your rights

You can ask us to access, correct, export, or delete your personal data by emailing hello@tagfire.app. You can revoke Tagfire's Google access at any time from Google account permissions. Depending on where you live, you may also have rights under the GDPR, the UK GDPR, or the CCPA; if so, contact us and we will help you exercise them, and you have the right to lodge a complaint with your local supervisory authority.

Cookies

We use a small number of strictly necessary first-party cookies to keep you signed in and to remember which workspace you are working in. These are required for the service to function and are always on.

We do not load any advertising, analytics, or tracking scripts by default. With your explicit consent (via the cookie banner shown on your first visit), we load Google Tag Manager and Google Analytics 4 so we can understand how Tagfire is used in aggregate. Analytics cookies (such as `_ga` and `_ga_*`) are only set after you opt in. You can change or revoke your choice at any time using the "Cookie settings" link in the footer.

Children

Tagfire is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. If a change affects how we access, use, store, or share Google user data, we will notify you by email or by an in-app notice before the change takes effect.

Contact

Tagfire Email: hello@tagfire.app